Aceware Aceweb Online Portal — known CVE vulnerabilities
Every CVE whose affected-product data names Aceware Aceweb Online Portal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-24239 — CVSS 9.8 (critical): ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
CVE-2022-24240 — CVSS 9.8 (critical): ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
CVE-2022-24241 — CVSS 7.5 (high): ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath…
CVE-2022-24581 — CVSS 7.5 (high): ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when…
CVE-2022-24238 — CVSS 6.1 (medium): ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in…